FORUM: Managing and mitigating fraud in the Asia-Pacific region

July 2016 | SPECIAL REPORT: WHITE-COLLAR CRIME

Financier Worldwide Magazine

July 2016 Issue

FW moderates a discussion on managing and mitigating fraud in the Asia-Pacific region between Sachin Murumkar at John Deere, Wilson Ang at Norton Rose Fulbright, Aili Zhao at Siemens Ltd., China, and Sylvia Fang at Taiwan Semiconductor Manufacturing Company Ltd.

FW: What is your view of general attitudes toward fraud in the Asia-Pacific region, from both a corporate and government perspective? How do such attitudes compare to those seen elsewhere in the international community?

Zhao: The degree of tolerance for fraud and corruption keeps going down. Indeed, fraud and corruption are no longer seen as necessary. New regulations have been introduced which demand greater transparency, good accounting practices and fair competition. Record-breaking fines and even personal criminal liabilities are being imposed in corruption, bid-rigging and other unfair competition cases. China and Korea are good examples, and undoubtedly there is more to come. Following the most recent global trend of requiring beneficial ownership information in the wake of the Panama Papers, similar measures are expected in Asia-Pacific countries in the years to come.

Ang: There continues to exist a range of fraudulent activity in the Asia-Pacific region. This includes relatively minor violations, from small scale inflated expense claims, petty cash theft and pilfering of company assets to more complex fraudulent schemes involving collusion among multiple parties, including corruption of public officials, the setting up of slush funds, price-fixing or bid-rigging with competitors and the diversion of corporate revenue. There is a perception in the Asia-Pacific region that while governments are being elected on anti-corruption platforms, insufficient and inconsistent enforcement action is being taken on the ground. It is often international corporations that are taking the lead on implementing preventative measures in the region in order to comply with their extraterritorial obligations imposed by jurisdictions with more advanced anti-corruption legislative regimes.

Murumkar: The definition of fraud is evolving and frauds like data theft, market collusion and cyber crimes in the Asia-Pacific region are becoming more noticeable. Corporates are focusing more on the theft of assets, IP and information. However, governments are now more focused on corruption and bribery, money laundering, market collusion, regularity and compliance breaches. This will force corporates to think about evolving frauds as well. Compared to the international community, the current attitude is more about fire fighting than a preventive approach. Laws to curb fraud in different countries in Asia-Pacific are still evolving. Such delays may compromise the security of personal data, for example.

Fang: For many cultural reasons, exposing corrupt behaviour is not as historically appreciated in Asia as it is in the West. I think Western efforts to eliminate corruption are beginning to take hold in Asia, and things are changing for the better.

For many cultural reasons, exposing corrupt behaviour is not as historically appreciated in Asia as it is in the West.

— Sylvia Fang

FW: Have any recent high-profile fraud cases surfaced in the region, which exemplify the challenges facing companies, regulators, investors and the like?

Murumkar: With regard to specific examples in the region, the 1Malaysia Development Bhd. (1MDB) scam has initiated a series of global investigations involving banks, regulators and enforcement agencies in Australia, Malaysia, Singapore, Hong Kong, Switzerland, Luxembourg, the UAE and the US, as well as government authorities in these countries. This case has also had political implications in Malaysia. The Mitsubishi case has also had an important impact, after Volkswagen made headlines admitting to rigging its emissions testing protocols, Mitsubishi Motors also admitted manipulating test data to overstate fuel efficiency, which was submitted to the Ministry of Land, Infrastructure, Transport and Tourism (MLIT) in Japan. The president of the Japanese car maker, Tetsuro Aikawa, and other company officials bowed deeply to demonstrate their contrition and released a statement on 20 April 2016. The case of Vijay Mallya has also been notable. Mr Mallya is an Indian businessman and politician, who allegedly fled the country after perpetrating financial fraud and money laundering.

Fang: A few procurement and occupational fraud cases have surfaced in recent years. For example, two major procurement frauds involving two enterprises in Taiwan – namely, Hon Hai group and Formosa group – shocked the public in 2014 and 2015. In addition, the accounting frauds of Japanese companies Toshiba and Olympus are the biggest fraud cases to hit this region. The above companies are well respected Asian enterprises, so these cases may undermine confidence across Asia.

Ang: There have been several recent high profile investigations and prosecutions in Asia-Pacific regarding fraud and corruption allegations involving the misuse of state funds and money laundering. Some of these cases involved the purchase of overvalued assets, with excess inflated amounts being paid back to corrupt officials or employees of the purchaser. Other cases involved the payment of funds to improperly obtain contract tenders or other business advantages. We have also seen cases of money being laundered across a few jurisdictions, through the use of offshore shell companies. What is evident from these cases is that fraudulent activity is still quite prevalent in the region, and is becoming more complex and cross-border in nature, often leveraging on advances in technology. Companies that comply with anti-corruption regulations face the challenge of potentially losing business against companies that do not.

Zhao: In this region, we have not seen high-profile cases matching the scale of the LIBOR manipulation or the VW cases. The 2014, GSK prosecution in China ended with a $489m fine and a two to three years prison sentence for GSK’s former country manager and four other executives. This highlights the increasing local enforcement risks companies have to face. GSK was found guilty of using travel agencies and industry associations to channel bribes to healthcare professionals. The 1MDB controversies that are still evolving in Malaysia, exemplify two issues – a lack of transparency and the entanglement of government and law enforcement. Those issues create complexity and uncertainties for regulators as well as businesses.

FW: In your experience, are corporate leaders now actively enhancing the anti-fraud policies and procedures they have in place? Does more need to be done to implement more robust internal controls?

Ang: There has certainly been an improvement in recent years, and corporations have been taking the initiative to ensure they have the appropriate policies and procedures in place to combat fraud and corruption. This includes conducting risk assessments of their business, and designing and implementing tailor-made programmes for the company. We have seen a specific focus on aspects of fraud like bribery, collusive and cartel behaviour, and money laundering. Companies have also introduced both general and specific training for personnel, enhanced financial controls over expense claims, and sought to ensure compliance with gifts and entertainment policies.

Fang: In the electronics industry, certain corporate leaders have had a greater focus on ethics and anti-fraud of late. This is due, in part, to investor sustainability efforts such as the DJSI, the increasing influence of the Electronics Industry Citizenship Coalition and supply-chain management efforts of large US and European-based companies in response to enforcement of the FCPA, UK Bribery Act and other fraud-related measures. I believe there are always areas to improve, but I think the electronics industry is becoming much better.

Zhao: We do see very engaged corporate leaders. Some are doing it under enforcement or political pressure. Others simply believe sound internal controls are essential for sustainable business growth. Engaged leaders are, however, still the minority. In general, much more needs to be done. A recent fraud survey estimated that the typical organisation loses 5 percent of revenue in a given year as a result of fraud. Corporate leaders need to realise that better fraud prevention brings returns. Leadership needs to support investment in compliance talent and compliance technology. Executives must ensure a quick and appropriate response to violations and be personally engaged in demonstrating and communicating ethical behaviour.

Murumkar: Corporate leaders are trying to do their bit to ensure that they have anti-fraud policies in place. But now, looking at the recent cases in the region and their international focus, there have been robust efforts made to put in place anti-fraud policies and laws. This is due to the personal accountability of individuals involved, both in terms of monetary fines which may be applicable and the potential imprisonment of those involved. Increasingly, individuals are getting penalised, as well as the corporates that employ them. For example, the Yates Memo has had an impact. We are also seeing capital punishment for bribery of local and foreign government officials in Thailand. The scope of anti-corruption laws is increasing and more severe penalties for corruption in South Korea will become effective in September 2016.

Executives must ensure a quick and appropriate response to violations and be personally engaged in demonstrating and communicating ethical behaviour.

— Aili Zhao

FW: To what extent is increased fraud regulation and stronger enforcement impacting on companies operating across the Asia-Pacific region? How are companies responding to more stringent standards?

Murumkar: For global companies operating in the Asia-Pacific region, the biggest challenge is the people and culture. Many global companies already have required processes, policies and controls in place because of their North American and European operations. However, the biggest challenge for global organisations lies in localising those processes and policies to fit local laws in areas such as privacy, competition and bribery, which are still evolving. Companies are required to have more resources, such as privacy officers and compliance managers, as a result of the new laws. However, SMEs and other local companies might face challenges because of their limited resources and compliance may not be their priority. I would not be surprised to see additional requirements for compliance professionals and forensic experts in the near future.

Fang: Hotlines are arguably the most effective way to expose fraud in our region. For many cultural reasons, exposing corrupt behaviour is not as fully appreciated in Asia as it is in the West. Strengthening whistleblower rights will continue to play an important role in terms of encouraging whistleblowing activities. Changing the negative perception of whistleblowers will also help to promote the use of hotlines.

Zhao: Increased regulation and intensified enforcement have generated a lot more awareness, and pressure on companies to do something to manage the increasing risks. As confirmed by the EY 2015 Asia Pacific fraud survey, local anti-corruption enforcement is considered the biggest challenge. Expanding regulatory demands require companies to look at their financial transactions and relationships in greater depth. More and more companies have started shaping up their internal controls. For companies that do have an established internal control system, key areas of focus are on assessing whether the existing system is working, and, if not, how to improve it. This development is creating a war for compliance talent in the region.

Ang: Companies in Asia-Pacific are somewhat behind the curve compared to their Western counterparts, where laws are more stringent and aggressively enforced. The region does not have a deep history of emphasising a strong corporate compliance culture. In certain jurisdictions, laws may not give legal effect to or require the implementation of compliance programmes. However, this is gradually changing, and interest in the subject has grown significantly. In recent years, we have seen a convergence of laws across jurisdictions. Asian companies need to learn from the Western experience, but with appropriate modifications for local challenges and cultural business practices.

Some companies are still under the impression that their agent can do ‘dirty business’ for them without any legal repercussions.

— Wilson Ang

FW: Is there a sufficient appreciation of the importance of carrying out appropriate due diligence and monitoring fraud risk arising from third-party and cross-border relationships?

Zhao: Fraud and corruption risks posed by third-parties and cross-border relations are not fully understood and grasped. Due diligence methodology and techniques need to evolve. The lack of reliable and relevant information presents the biggest challenge for quality results in the initial due diligence. Third-party training and continuous monitoring add significant resource constraint for the already stretched in-house compliance teams in most companies. Due diligence and monitoring could become a mere tick-the-box exercise. These challenges are not only regional but global.

Ang: We have noticed a growing awareness of the importance of due diligence and monitoring fraud risk in cross-border relationships, but this needs to translate into clear policies, implemented programmes and effective controls. Some companies are still under the impression that their agent can do ‘dirty business’ for them without any legal repercussions. Companies also need to realise that it is not just a matter of getting a due diligence report on reputation and performing a media search. The review needs to delve much deeper. Companies need to test third-parties’ compliance culture and the way they handle risks in their business operations. This should be done upon consideration of the particular risks involved for each business relationship. Companies must also be aware of the need to continue to monitor and manage relationships with third-parties, as the risk of fraud or corruption can arise, after inception, at a later stage of the business relationship.

Murumkar: There is sufficient appreciation for carrying out required due diligence for third-parties and cross-border relationships. As businesses are becoming global and technology is enabling it, due diligence has become very important. It is better to be safe than have to respond to the enforcement agencies. In the region, since most background information may not be available on the internet, or in public records, it becomes essential that due diligence is done on the ground and facts are clear – otherwise, you may end up contracting with a party that has strong political connections to government agencies, like the police. Revenue from activities such as these increases the risk of conflicts of interest and bribery.

Fang: Whereas before, having a Code of Conduct and obligating third-parties to obey the Code was considered good enough, now we are seeing a much greater emphasis on supplier training and verifying compliance through audits. In addition, the awareness of the importance of anti-fraud due diligence during M&A has certainly been raised in the past few years.

FW: What general advice would you give to companies on ensuring their employees and associates are aware of potential fraud risks?

Fang: Continuous communication and education is key. Since many controversial or illegal practices find their roots in local business culture, fostering a change of culture requires patience and persistence from both management and the team responsible for implementing compliance controls.

Murumkar: Culture beats rules in many countries in the region. Therefore, there is a need to focus on compliance not only at senior management level, but also at the middle and lower end of the pyramid. It is also essential to set clear expectations for third-parties about your ethics and the way you do business. Training and communication is key here. The integrity of leaders and employees at all levels helps bring attention to the issues at hand. This may also help to mitigate fraud risk or detect it early. Training employees and third-parties about identifying red flags also helps to detect possible fraud. Therefore, companies should create an environment of trust and transparency so employees are encouraged to raise concerns without fear.

Ang: It is essential that companies take a strong tone when informing employees and associates of potential risks, one that will communicate the importance of the subject. It is equally important that the guidance given to employees is clear, and it is strongly advised that practical training is given on tackling specific scenarios. As it is impossible to train for every potential scenario, employees should have a channel for seeking advice when they face ethical dilemmas. Companies also need to establish procedures by which they can monitor employee behaviour and assess risks. Ongoing training on standards and policies is advisable.

Zhao: Leadership and management responsibility are essential to embedding awareness into organisations. Compliance teams need to start with and continuously work with leadership teams. With strong leadership support, proactive communication is important. Using real cases from within their own organisation is the most effective method. Quick and appropriate disciplinary action, in the event of wrongdoing, is the key to deterrence. The roles and responsibilities of employees and managers need to be defined. Managing fraud risks should become part of an employee’s remit in their daily work.

There are different standards for criminal enforcement and civil liability in each of the jurisdictions that should be taken into account when mitigating compliance risk.

— Sachin Murumkar

FW: To what extent are whistleblower hotlines being used to tackle fraud in the region? In what ways can improvements be made in this area?

Ang: We have seen a large number of cases of whistleblowing, but these have not necessarily occurred through official channels set up by employers. Companies need to have a clear policy and procedure for whistleblowing, including providing non-retaliation assurances and other protections for the whistleblower. Companies should work toward giving employees the comfort that the whistleblowing process is independent, as well as the confidence that appropriate action will be taken to address issues brought to light. There is currently a stigma associated with whistleblowing in Asia, and it will take effort and time to change this mindset.

Zhao: A recent survey shows that 55 percent of the companies surveyed have a whistleblower hotline. Experience however, shows that the number and quality of reports received via whistleblower hotlines are far from satisfactory. In general, a very small number of reports are received. In many cases, if not most, the hotline was used by unhappy employees or business partners hoping to exact personal revenge against one another anonymously. Something needs to be done before companies can get the full value of operating a whistleblower hotline. More communication is needed to guide the proper use of the hotline. Confidentiality and non-retaliation against the reporter need to be ensured. The company’s compliance or investigation team needs to respond quickly. More confidence in the whistleblower system will lead to more good faith whistleblowing.

Murumkar: The development of whistleblower laws in the region is somewhat patchy. Japan and China offer full protection whereas, for now, in Australia, the existence of express federal laws protecting whistleblowers is limited. In Hong Kong there are, at present, no express whistleblowing laws, and in order to gain protection in these jurisdictions a whistleblower has to rely on piecemeal rights found in employment, anti-corruption and criminal laws. It is still a new concept in the region and is yet to gain the trust of many people. The willingness to use whistleblower hotlines has decreased and the decrease appears to be due to respondents being increasingly concerned about the insufficient legal protection or the lack of confidentiality for whistleblowers. Even the lack of clarity as to what cases people should use hotlines for have contributed to the reduction in their use.

FW: Do you expect to see an uptick in fraud in the region in the months and years to come? What further steps will companies need to take manage and mitigate this risk?

Fang: Generally speaking, combating fraud both in the public and private sectors has become a focal point in the region. While we may see more exposure of fraud, I believe the acceptance of fraud has declined and will continue to decline, in large part because public awareness has been raised to a significant degree. Companies should continue to take affirmative steps toward building a culture of compliance and ensure both their employees and stakeholders know they mean it. Promoting whistleblowing activities will also benefit companies greatly both in terms of fraud detection and deterrence.

Murumkar: Governments and organisations around the globe are increasingly moving toward a more compliant business environment and are exposing and deterring hidden wrongdoing, increasing accountability and strengthening the fight against fraud, corruption and mismanagement. The Asia-Pacific region varies in terms of anti-fraud legislation and in enforcement practices. There are different standards for criminal enforcement and civil liability in each of the jurisdictions that should be taken into account when mitigating compliance risk. For example, countries define bribery and fraud differently and vary in how they view facilitation payments and public/private bribery. Therefore, companies should focus on having a compliance culture compliant with local laws.

Zhao: We do expect to see more frauds come to the surface. Contributing factors for the uptick in cases includes increasing regulation and enforcement, global business expansion, and the increasing use of technology and cyber platforms in business transactions. Internal controls need to be continuously assessed and enhanced. For example, third-party due diligence needs to further evolve to be more efficient and effective; real-time forensic data analytics needs be introduced to identify unusual transactions and potential unethical behaviour. Information security systems need to be employed to prevent and detect new forms of fraud, wherever possible. The most important step, however, is to place much more emphasis on building a compliance culture. The best internal controls will not work if they are not supported or embraced by the organisation’s culture.

Ang: We do expect to see an increase in the uncovering of fraud in the region in the coming years. As the economy slows in many countries in the region, this puts pressure on salespeople to resort to improper practices. As companies undergo restructuring, this may also lead to the uncovering of fraud and corruption that may need to be investigated. An increase in cases of fraud is also likely to result from stronger enforcement by government agencies and increased international regulatory cooperation, alongside journalistic exposure into opaque corporate practices. Companies should take preventative steps, but they also need to be prepared to respond appropriately and consistently if there is a crisis. This will require the implementation of an investigation plan to address issues as they arise. Companies will need to have staff trained to handle investigations, in addition to having external advisers on hand when necessary.

Sachin Murumkar is legal counsel for John Deere Asia. He provides legal services to Asia and has experience in legal and compliance management, cross-border transactions, manufacturing and distribution of products and service industry across Asia Pacific. Mr Murumkar has a special interest in privacy, trade regulations, anti-bribery laws, M&A, regulatory and corporate compliance, technology laws, and employment & industrial relations.

He can be contacted on +91 20 6703 2240 or by email: murumkarsachin@johndeere.com.

Wilson Ang is a dispute resolution lawyer based in Singapore where he heads up the Singapore investigations and compliance practice. Mr Ang focuses on conducting internal investigations on business ethics and anti-corruption matters and advises on risk management, remediation measures and follow-on disputes. He also has extensive experience designing and implementing compliance programmes, conducting anti-corruption due diligence reviews and handling complex and sensitive issues involving bribery, fraud, sanctions, money-laundering and financial services regulatory violations. He can be contacted on +65 6309 5392 or by email: wilson.ang@nortonrosefulbright.com.

Aili Zhao is a vice president and regional compliance officer for Siemens Ltd in China. She specialises in compliance, corporate governance and corporate law, M&A, foreign direct investment, labour law, contract and claim management. She can be contacted on +86 21 3889 3177 or by email: aili.zhao@siemens.com.

Sylvia Fangis a vice president and general counsel for TSMC. She was previously director of the Corporate Legal Division where she worked on numerous high-profile corporate transactions, precedent-setting intellectual property trade secret litigations, the promotion of significant legal changes, and the resolution of corporate governance issues. She also has been working extensively with the board of directors, including the independent directors on various board, audit committee and compensation committee matters and other special projects. She can be contacted on +886 3 563 6688 (ext. 712 2002) or by email: pauline_lushfang@tsmc.com.